2016 10th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing
Cloud Encryption using Distributed Environmental Keys
Kun-Lin Tsai1*, Fang-Yie Leu2*, Yi-Fung Huang2, Chi Yang1, Cheng-Hsin Chang1,
King-Shing Yip1, Yuchen Xue1, Guan-Chi Lai1
1
Department of Electrical Engineering, Tunghai University, Taichung, Taiwan
2
Department of Computer Science, Tunghai University, Taichung, Taiwan
*kltsai@thu.edu.tw; leufy@thu.edu.tw
AbstractIn recent years, cloud storage has been popularly
used by people in different areas to store their personal or
commercial data so as to make the data able to be accessed
anytime and anywhere. However, when data is distributed to
many locations, the risk of unauthorized access will increase.
To secure cloud storage, data is often encrypted by using one
encryption key, which is shared by those people who need to
access the data. The key sharing method, unfortunately,
dramatically increases the risk of data leakage, particularly
when the key is hacked or lost. Another choice is multi-key
encryption, which also increases the difficulty of data sharing
and usage, especially in a cloud environment. To solve this
problem, in this paper, we propose a secure cloud data
encryption system, named the Distributed ENvironmental Key
(DENK in short), with which all files are encrypted by one
encryption key derived from multiple matching keys which are
keys derived from authorized users password keys and a
trusted computers environmental key. An authorized user can
decrypt the files on a trusted computer by using one matching
key and one auxiliary key provided by system server. The
security analyses show that the DENK is able to resist
machine-specific data leakage, replay attack, eavesdropping
attack, and impersonation attack, and is practically useful in
business.
Keywords-Cloud storage; cloud security; group key;
environmental key
I. INTRODUCTION
In recent years, with the development of cloud
technology, cloud storage, such as Dropbox [1], Google
Cloud Storage [2], OneDrive [3], Asus Webstorage [4], etc.,
has been widely used to store personal or commercial data.
People use such cloud storage to share data or exchange
information with authorized users. For example, business
data or customers personal information of a company is
stored in cloud storage from which authorized employees
can access the data through their own electronic devices, e.g.
computers or smart phones. Therefore, a considerable
number of commercial files and sensitive information are
distributed on many cloud servers. However, without data
encryption and/or password protection, the problem of data
loss will be worse. If the privacy information stored in the
cloud is hacked, those sensitive data may be exposed to a
fatal risk, resulting in huge business-reputation damages and
credit loss. In [5], Chu et al. analyzed a systematic security
of sharing methods from three major cloud storages, i.e.,
Dropbox, Google Drive, and Microsoft SkyDrive, and
978-1-5090-0984-8/16 $31.00 2016 IEEE
DOI 10.1109/IMIS.2016.73
claimed that all these storage services have their own
security problems that could result in data leakage.
To secure cloud data, Lee et al. [6] proposed a Digital
Rights Management (DRM) cloud, which, as a modified
version of existing DRM technology [7], is a cloud
architecture with a specific content protection scheme. The
authors also provided service scenarios, like content
packaging, license acquisition, and content sharing, to
protect those files stored in the cloud. In [8], Renjith and
Sabitha introduced a re-encryption scheme for the data stored
in a cloud. Encrypted data is shared by authorized clients.
However, if automatic re-encryption is done too frequently,
it will lead to wastage of resources.
Although many studies [6, 8-9] tried to prevent cloud
data from being lost and keep the convenience of data
sharing at the same time, data leakage still exists. Therefore,
in this paper, we propose an efficient and secure data
encryption system, named Distributed ENvironmental Key
(DENK in short), to protect cloud data from being invalidly
accessed by unauthorized users. In the DENK, group files
are encrypted by one encryption key derived from all
matching keys, which are matching keys calculated by using
an authorized users password key and a trusted computers
environmental key so that only the authorized user can
access the files in a specific trusted computer. Also, user
authorization and parameters verification are done by
employing dynamic system time and the trusted computers
hardware configuration. Besides, important parameters are
hidden in the trusted computer to avoid them from being
cracked easily. Based on our security analyses, the proposed
system is able to resist machine-specific data leakage [10],
replay attack [11], eavesdropping attack [12], and
impersonation attack [13].
The rest of the paper is organized as follows. Section II
introduces the related studies of this paper. Section III
describes our system architecture and environmental key
generation procedure. The encryption key generation and file
encryption/decryption procedures are presented in Section
IV. The security of the DENK is analyzed in Section V.
Section VI concludes this paper and outlines our future
studies.
II. RELATED STUDIES
Previous studies [6, 14-15] pointed out four threats for
cloud storage, including computer incursion by hackers,
incursion by malware, accidental data loss by user, and data
leakage by insiders. To protect cloud data from being lost,
476
many cloud computing environments use Advanced Trusted Computer

Encryption Standard (AES) to encrypt cloud data. However,

AES may be cracked by using the brute-force attack. In [16], kAM1
Huang et al. proposed the SeFEM encryption approach M1
which utilizes three security schemes, including a kAM2
sequentiallogic style encryption/decryption mechanism, 3D User A
kAM3
operators, and a dynamic transition box, to increase the
kBM2
difficulty of cracking encryption keys so as to effectively M2
protect encrypted data from bruteforce and cryptanalysis kBM4
attacks. In [17], Wang et al. presented a protocol supporting User B kCM2
Server
dynamic data operations to secure a public auditing system kCM1
which is used to protect data storage in a cloud system. Their M3
scheme is a batch auditing mechanism where multiple kCM4
delegated auditing tasks can be performed by a third party User C
auditor. Shin and Kwon [18] explained the concept of remote M4
data auditing, and described system model and taxonomy of
remote data auditing schemes. They introduced many Fig. 1. System architecture and matching keys distribution of the DENK.
challenging issues for designing an efficient batch auditing,
including high communication cost, inefficient identification server. For example, user A can access cloud data through
protocol of corrupted data, and high computational trusted computer M1, M2, or M3; however, he/she cannot
complexity. decrypt files via M4 since he/she has not registered his/her
To deal with multiuser and their group keys, the key matching pair with M4 and been authorized by the server.
management scheme is another important issue. Ateniese et
al. [19] indicated that, in an open network, communication B. Initial Phase
among group members must be secure and efficient. They In the initial phase of the DENK, the server generates
proposed a multiparty authentication services scheme which system parameters and selects a large prime number
extends the group Diffie-Hellman key agreement, focusing  2 ,  > 160. After that, the server
on key authentication, key confirmation and data integrity. (1) determines Fq, which is a finite field of characteristic 2
Chen et al. [9] also presented a secure group key and the order of q;
management method by using a proxy re-encryption scheme (2) determines the elliptic curve :  
 + 
+
which is developed based on RSA [20] and has the
(  ) , where ,
 and 4 + 27

properties of uni-directionality and multi-hop. Each group
member holds just one secret auxiliary key and logN public
auxiliary keys where N is the number of group members.
The group key will be updated when members join or leave.
The time complexity of computing the newest group key
from the key update history is O(logN).
Several cloud security approaches have been studied. But
currently, it is still hard for multiple users to share cloud data
in a heterogeneous environment. That is why the DENK is
proposed to effectively encrypt shared cloud data and
prevent it from being decrypted by attackers or leaked by
unauthorized users.
III. SYSTEM ARCHITECTURE AND ENVIRONMENTAL KEY
A. System Architecture
The DENK architecture, as shown in Fig. 1, consists of a
server, trust computers and users. Before accessing a file, a
user is required to register with the server and then
authorized by the enterprises administrator. After
authorization, the server will generate a password key for the
user. A user and a trusted computer as a matching pair (e.g.,
user A and trusted computer M1) also need to be registered
with and stored in the server, so that the matching keys
derived from users password key and the trusted computers
environment key can be used to generate a file encryption
key. If one users ID can match with any his/her trusted
computers IDs, then, he/she can access the file stored in the
477
0(mod );
(3) selects a base point P of order n on E, and  
1 ( ) for any k, 1  < 100;
(4) generates a cyclic additive group G by P, the order of
which is n;
(5) chooses a secure hash function  :   ;
(6) publishes the system parameters {E, P, H1}.
C. Environmental Key Generation Function
The environmental key is first introduced in [14]. A
trusted computer Cs parameters, which can be CPU ID, disk
serial number, Mac address of NIC, OS serial number, etc.,
are used to create one unique environmental key. By using
Cs environmental key, an encrypted file can only be
accessed on C. Assuming that there are w parameters of C
which are numbered from 1 to w. The procedure of the
environmental key generation function (Fenvironment) is as
follows.
1) Set the users password key kPWi, where i is users ID,
as the input of hash function H1;
2) Use H1(kPW) to generate a parameter sequence, e.g., {1,
2, 1, , 9, 3};
3) Use the parameter sequence to access device numbers,
as the inputs of hash function H2, to generate the
environmental key
! =  ("#$%||%&'*-||"#$%|| ||./"), where H2
is defined as  :  3  .
 (1) kM 1  Fenvironment ( H1 (k PWA )); Fig. 2 summarizes the steps of Round 1.
(2) k AM 1  (kM 1  kPWA )  2 kPWA ; K AM 1  k AM 1  P;
(3) Fetch system time tnonce; Derive kct from tnonce;
(4) Generate random number rA  Z n*;
Round 2: by server S
(5) RA  rA  P;r ' A  ((rA || UIDA || UIDM 1 )  kct ) 2 kct ;
User A In Round 2, server S first collects the matching key from
(6) K ' AM 1  ( K AM 1  2 rA )  kct ;
Trusted Computer (7) CK AM 1  RA  K AM 1; a user and a trusted computer as a matching pair, user A and
M1 (8) {UIDA , UIDM 1 , K ' AM 1 , r ' A , RA , CK AM 1 , tnonce } Server S trusted computer M1 as an example. Server S
(1) fetches the system time tnonce,S and checks to see
Fig. 2. The encryption-key-generation procedure of Round 1. whether or not GHEI,J GHEI G, where G as a
predefined time threshold is the allowable maximum
Note that the length of parameter sequence may vary transmission delay from user A to S;
according to the required systems security level. The longer (2) derives kct from tnonce;
the sequence, the higher the security level. (3) obtains rA,C, UIDA,C, and UIDM1,C by calculating
IV. ENCRYPTION KEY GENERATION AND FILE 5 ||$%5 ||$%! = (5C + EF )EF , and then
ENCRYPTION/DECRYPTION calculates B5,L = 5,L #;
(4) checks to see whether B5,L = B5 , $%5,L = $%5 , and
A. Encryption Key Generation and File Encryption $%!,L = $%! or not;
Following the procedure of the encryption key generation, If not, it discards this message and sends a
an authorized group user can encrypt his/her private files and verification-failure message to A to terminate this
share the files with other authorized users. The procedure has procedure. Otherwise, it
C
two rounds. In round 1, as shown in Fig. 2, user A produces (5) calculates ?5!,L = (?5! EF ) 5 ;
a matching key KAM1 on trusted computer M1 and, in round 2, (6) calculates "?5!,L = B5 +MLL ?5!,L , where +ECC is an
as illustrated in Fig. 3, server S generates an encryption key addition operation on ECC;
by using the produced matching keys. (7) checks to see whether "?5!,L = "?5! ;
Round 1: by user A If not, it discards this message and sends a verification-
failure message to A to terminate this procedure.
(1) derives kM1 from kPWA, hash function H1, and Otherwise, it keeps KAM1.
environmental key function Fenvironment; Then, by using the same steps from (1) to (7), server S
(2) calculates 5! = (! 9;5 )+ 9;5 and (E1) collects all matching key KiMj from all matching pairs,
?5!@ 5! # by using ECC ; where i is the users ID, i=1, 2, , n, and j is the
(3) fetches the system time tnonce, with which to derive the trusted computers ID, j=1, 2, , w;
time key kct; (E2) calculates file encryption key ? = O,P ?O!P by
(4) generates a random number 5 , 5  ; using an ECC addition operation;
(5) calculates B5 = 5 # and (E3) uses EK to encrypt group files.
5C = ((5 ||$%5 ||$%! ) EF ) EF ; Fig. 3 summarizes the steps of Round 2.
C
(6) calculates ?5! = (?5! + 5 )EF ; B. File Decryption
(7) calculates "?5! = B5 + ?5! ; When an authorized group member (e.g., user B) would
C
(8) sends {$%5 , $%! , ?5! , 5C , B5 , "?5! , GHEI } to like to decrypt a file on certain trusted computer (e.g., M3),
server S. as shown in Figs. from 4 to 6, there are 3 rounds.

{UIDA , UIDM 1 , K ' AM 1 , r ' A , RA , CK AM 1 , tnonce }

(1) Fetch system time tnonce,S when the packet is received;

{
Verify tnonce, S  tnonce  t ? Yes, No, terminate this procedure;
continue this procedure;
(2) Derive kct from tnonce; Server S
(3) rA,C || UIDA,C || UIDM 1,C  (r ' A  2 kct )  kct ; RA,C  rA,C  P;
{ No, terminate this procedure;
(4) Verify RA,C=RA? UIDA,C=UIDA? UIDM1,C=UIDM1? Yes, continue this procedure;
(5) K AM 1,C  ( K ' AM 1  kct )  2 rA ;
User A
Trusted (6) CK AM 1,C  RA  ECC K AM 1,C ;
Computer (7) Verify CK =CK ? No, terminate this procedure;
M1 AM1,C AM1 {
Yes, keep KAM1;
(E1) Collect KiMj from users and trusted computers;
(E2) EK  K AM 1  ECC K AM 2  ECC ...  ECC K nMl   ECC KiMj ;

i , j
(E3) Encrypt files by using EK.

Fig. 3. The encryption key generation procedure of Round 2.

478
 (1) Fetch system time t 'nonce ; Derive k 'ct from t 'nonce ; C CC
(9) computes ?5TU = ?5TU +MLL
#, and ?5TU =
(2) Generate random number rB  Z n*;
?5TU +MLL BR ;
(3) RB  rB  P; r 'B  (rB  k 'ct )  2 k 'ct ; C CC }
(4) REQB  ((UIDB || UIDM 3 || FID)  2 rB )  k 'ct
(10) sends {?5TU , ?5TU to user B.
User B Fig. 5 summarizes the steps of Round 2.
Trusted Computer (5){UIDB , r 'B , RB , REQB , t 'nonce } Server S
M3 Round 3: by user B
Fig. 4. The file decryption procedure of Round 1.
Upon receiving the message, user B in Round 3
CC
Round 1: by user B (1) computes ?5TU,L = ?5TU MLL BR ;
C C C
(2) computes
= (R + EF )(EF  R ) and ?5TU,L =
User B first ?5TU,L +MLL
#;
C
(1) fetches the system time GHEI , with which to derive (3) checks to see whether ?5TU,L C C
= ?5TU or not;
C
EF ; If not, it discards this message and sends a verification-
(2) generates a random number R , R  ; failure message to S to terminate the procedure.
(3) calculates BR = R # and RC = (R EF C C
)+ EF ; Otherwise, it
(4) selects the file to be accessed, of which the file ID is (4) calculates ! = IVOHWIF ( (9;R ));
FID, and calculates (5) calculates R! = (! 9;R )+ 9;R and
C
BSR = (($%R ||$%! ||$%)+ R )EF ; ?5!@ 5! # by using ECC ;
C
(5) sends {$%R , RC , BR , BSR , GHEI } to S. (6) computes file decryption key ? = ?5TU +MLL ?R! ,
Fig. 4 summarizes the steps of Round 1. and decrypts files with EK.
Round 2: by server S Fig. 6 summarizes the steps of Round 3.
Server S in Round 2 V. SECURITY ANALYSIS
C
(1) fetches the system time GHEI,J and checks to see
C C A. Machine-specific data leakage
whether or not GHEI,J GHEI G where G as a
predefined time threshold is the allowable maximum In the encryption key generation procedure, the matching
transmission delay from user B to S; key is derived from the authorized users password key and
(2) derives EFC C
from GHEI ; trusted computers environmental key. To our knowledge,
(3) computes R,L = (RC  EF C
)EF C
and BR,L = R,L #; system parameters, like MAC address of NIC, CPU ID, and
(4) checks to see whether BR,L = BR ; OS serial number, are individually unique among all
computers having been produced in the world. Hence, it is
If not, it discards this message and sends a verification-
almost impossible for users to generate the same kMj in
failure message to user B to terminate the procedure.
Otherwise, it different computers given the same parameter sequence. As a
(5) obtains UIDB,C , UIDM3 and FID by calculating result, even a user copies the files to other computer, e.g., an
C untrusted computer X, from the trusted one, he/she is still
$%R,L ||$%! ||$% = (BSR EF ) R ;
unable to decrypt it on X, meaning that the DENK well
(6) checks to see whether $%R,L = $%R ; protects data from leakage.
If not, S discards and sends a verification-failure
message to user B to terminate the procedure. B. Replay attacks
Otherwise, it In the DENK, the time key EF is derived in Round 1 of
(7) generates auxiliary key ?5TU = ?MLL ?R! ; both encryption key generation and file decryption
C C
(8) computes
= (R + EF )(EF  R );
{UIDB , r 'B , RB , REQB , t ' nonce }

(1) Fetch system time t 'nonce, S when the packet is received;

{ No, terminate the procedure;
Verify t 'nonce, S  t 'nonce  t ? Yes, continue the procedure;
(2) Derive k 'ct from t 'nonce ;
(3) rB ,C  (r 'B  2 k 'ct )  k 'ct ; RB ,C  rB ,C  P;
{
(4) Verify RB,C=RB? No, terminate the procedure;
Yes, continue the procedure;
(5) UIDB,C ||UID M 3 || FID  ( REQB  k 'ct )  2 rB
{
(6) Verify UIDB,C=UIDB? No, terminate the procedure;
Yes, continue the procedure;
User B Trusted (7) K AUX  EK  ECC K BM 3 ;
Computer (8) x  (rB + 2 k 'ct )  (k 'ct  2 rB ); Server S
M3 (9) K ' AUX  K AUX  ECC x  P; K '' AUX  K AUX  ECC RB ;
(10) {K ' AUX , K '' AUX }

Fig. 5. The file decryption procedure of Round 2.

479
 {K ' AUX , K '' AUX }
(1) K AUX ,C1  K '' AUX  ECC RB ;
(2) x  (rB + 2 k 'ct )  (k 'ct  2 rB ); K ' AUX ,C  K AUX ,C1  ECC x  P;
Trusted Computer
{
(3) Verify K ' AUX ,C  K ' AUX ? Yes,
M3
(4) kM 3  Fenvironment ( H1 (k PWB ));
(5) kBM 3  (kM 3  kPWB )  2 kPWB ; K BM 3  k BM 3  P;
(6) EK  K AUX ,C1  ECC K BM 3 ; Decrypt files with EK;
User B
Fig. 6. The file decryption procedure of Round 3.
procedures. When an adversary intercepts the message sent
by a user to the server, there may be two cases. First, the
adversary keeps the original message without modifying it
and pretends the corresponding legal user to transmit this
message to the server. In this case, GHEI,J GHEI G
does not hold because the retransmission is delayed where t
is the maximal time required by a message to be transmitted
from a user to the server. Second, the adversary modifies the
time tnonce to make GHEI,J GHEI G . However, the
authentication (Step (4)) of Round 2 in both procedures
would fail because the time key is different from the original
one. Therefore, the DENK is invulnerable to replay attacks.
C. Eavesdropping attack
Assuming that an adversary captures messages from the
underlying network, he/she can extract sensitive information,
such as matching key, when the number of captured
messages is large. In this scheme, the abovementioned
parameters are encrypted by a random number and time key,
i.e., rA and EF , in Step (6) of Round 1 in the encryption-key-
generation procedure, and the time key EF varies in different
sessions. When a large amount of messages are captured by
the adversary from the network, he/she is still unable to
extract these parameters from these messages. Thus, the
DENK is able to thwart the eavesdropping attack.
D. Impersonation attack
When adversary Z wants to impersonate user B, he/she
intercepts the message sent by server to user B in Round 2 of
C
the decryption procedure, and derives KAUX from ?5TU and
CC
?5TU . However, due to the lack of correct rB, Z cannot
C
correctly decrypt x to obtain ?5TU , and hence cannot
correctly generate KAUX. Thus, Z cannot pass the verification
in Round 3, showing that the DENK can effectively defend
the impersonation attack.
E. Forgery attack
In Round 3 of decryption procedure, a hacker may
C
pretend himself/herself as the server by issuing a valid ?5TU
CC
and a valid ?5TU which are invalidly captured in previous
C
decryption procedure. However, the captured ?5TU is
C CC
encrypted by xP which is derived from rB and EF , and ?5TU
C 2, pp. 46-50, November 2004.
is encrypted by RB. Since both rB and EF are generated by
C
user B in current decryption procedure, the previous ?5TU
CC
and ?5TU cannot pass the verification in Step (3) of the
decryption procedure. Furthermore, he/she may generate a
fake message. However, without knowing the correct values
C C CC
of rB and EF , the correct value of ?5TU and ?5TU cannot be
produced in round 2. In other words, the message cannot
pass the verification procedure, meaning that the DENK can
effectively defend forgery attacks.
VI. CONCLUSION AND FUTURE STUDIES
No, terminate this procedure;
continue this procedure;
To prevent data from leakage in cloud storage, in this
study, the DENK is used to encrypt secret group files so that
these files can be shared by all authorized users on trusted
Server S
computers. The matching keys together with users password
key and trusted computers environmental keys generate the
file encryption key. During the decryption procedure, one
auxiliary key and one matching key are computed by using
ECC addition operation to generate the file decryption key.
Further, according to our security analyses, the DENK is
able to resist machine-specific data leakage, replay attack,
eavesdropping attack, and impersonation attack, and can be
used for business data sharing.
In the near future, we would like to improve the key
generation procedure as well as the file decryption procedure.
Although the DENK has a high level of security, the
complex steps used for parameter hiding and verification
need to be improved so that the trusted computer and
servers processing time can be further reduced. Besides, we
would also like to derive the reliability and behaviour models
of the DENK so that users can predict the system reliability
and its behaviour before using it. These constitute our future
studies.
REFERENCES
[1] Retrieved January 28, 2016, from https://www.dropbox.com/
[2] Retrieved January 28, 2016, from https://cloud.google.com/storage/
[3] Retrieved January 28, 2016, from https://onedrive.live.com/
[4] Retrieved January 28, 2016, from
https://www.asuswebstorage.com/navigate/
[5] C.K. Chu, W.T.Zhu, J. Han, J.K. Liu, J. Xu, and J. Zhou, Security
Concerns in Popular Cloud Storage Services, IEEE Pervasive
Computing, vol. 12, no. 4, pp. 50-57, Oct.-Dec. 2013.
[6] H. Lee, C. Seo, and S.U. Shin, DRM Cloud Architecture and Service
Scenario for Content Protection, Journal of Internet Services and
Information Security, vol. 3, no. 3/4, pp. 94-105, Nov. 2011.
[7] A. Barlow, N. Robbins, and A. Rodgers, Digital Rights Management.
US Patent, US 20040059929 A1, 2004.
[8] P. Renjith, S. Sabitha, Verifiable El-Gamal Re-encryption with
Authenticity in Cloud, in Proceedings of International Conference
on Computing, Communications and Networking Technologies, July
2013, pp. 1-5.
[9] Y.R. Chen, J.D. Tygar, W.G. Tzeng, Secure Group Key
Management Using Uni-Directional Proxy Re-Encryption Schemes,
in Proceedings of IEEE INFOCOM, April 2011, pp. 1952-1960.
[10] G. Lawton, New Technology Prevents Data Leakage, IEEE
Computer, vol. 41, no. 9, pp. 14-17, September 2008.
[11] P. Syverson, A taxonomy of replay attacks, in Proceedings of
Computer Security Foundations Workshop, June 1994, pp. 187-191.
[12] Z. Zhang, Z. Man, and Y. Li, Improving Wjcik's eavesdropping
attack on the pingpong protocol, Physics Letters A, vol. 333, no. 1-
[13] T. Tsuji and A. Shimizu, An Impersonation Attack on One-Time
Password Authentication Protocol OSPA, IEICE Transactions on
Communications, vol. E86-B, no.7, pp. 2182-2185, July 2003.
[14] K.L. Tsai, J.S. Tan, F.Y. Leu, and Y.L. Huang, A Group File
Encryption Method using Dynamic System Environment Key, in
Proceedings of International Conference on Network-Based
480
 Information Systems, Salerno, Italy, September 10-12, 2014, pp. 476
483.
[15] L. Yin, The Analysis of Critical Technology on Cloud Storage
Security, in Proceedings of IEEE International Conference on
Computer Sciences and Applications, Dec. 2013, pp. 26-28.
[16] Y.L. Huang, C.R. Dai, F.Y. Leu, I. You, A Secure Data Encryption
Method Employing a Sequential-Logic Style Mechanism for a Cloud
System, International Journal of Web and Grid Services, vol. 11, no.
1, January 2015, pp. 102-124.
[17] Q. Wang, C. Wang, K. Ren, W. Lou, and J. Li, Enabling Public
Auditability and Data Dynamics for Storage Security in Cloud
Computing, IEEE Transactions on Parallel and Distributed Systems,
vol. 22, no. 5, pp. 847-859, March 2011.
481
[18] S. Shin and T. Kwon, A Survey of Public Provable Data Possession
Schemes with Batch Verification in Cloud Storage, Journal of
Internet Services and Information Security, vol. 5, no. 3, pp. 37-47,
August 2015.
[19] G. Ateniese, M.Steiner, and G. Tsudik, New Multiparty
Authentication Services and Key Agreement Protocols, IEEE
Journal on Selected Area in Communications, vol. 18, no. 4, pp. 628-
639, April 2000.
[20] L.M. Adleman, R.L. Rivest, and A. Shamir, Cryptographic
communications system and method, United State Patent No. 4405829,
September 1983.